[2004] in Kerberos
Kerberos question - user password authentication (for xlock)
daemon@ATHENA.MIT.EDU (Peter Desnoyers)
Fri Jun 26 17:03:05 1992
Date: 26 Jun 92 15:30:33 GMT
From: peterd@pjd.dev.cdx.mot.com (Peter Desnoyers)
To: kerberos@shelby.Stanford.EDU
I'm trying to get xlock to work on a DECStation running Ultrix 4.1,
and am having a great deal of difficulty with the password checking
code.
We are running the enhanced security package, so you can't just get
the password entry, encrypt your input, and compare the two, which is
what xlock tries to do.
Not only that, but only "system" names are in /etc/auth, while user
passwords come from Kerberos, so you can't even use the auth routines
like checkpass or getauthid. (I tried; I made sure the program ran as
root and everything...)
Finally I got a copy of the Berkeley NET/2 login code, and tried
using the Kerberos code from that. No luck there, either - it would
always fail with "principle unknown". The only other person here who
knows anything about this thinks that it's because we don't have a
full Kerberos installation - just enough to do passwords for login and
su.
So does anyone know the magical incantation that a program must make
to determine whether a given string is indeed a valid password for a
user, when authorization is being done through BIND?
Peter Desnoyers
--
